[api] basic functionality for creating and modifying groups. We need …

…still explicit calls for adding and remove users to a group for webui, I think.
openSUSE · Oct 18, 2012 · 03e96a9 · 03e96a9
1 parent bf7e000
commit 03e96a9
Show file tree

Hide file tree

Showing 7 changed files with 143 additions and 16 deletions.
diff --git a/src/api/app/controllers/group_controller.rb b/src/api/app/controllers/group_controller.rb
@@ -1,6 +1,10 @@
 
 class GroupController < ApplicationController
 
+  validate_action :groupinfo => {:method => :get, :response => :group}
+  validate_action :groupinfo => {:method => :put, :request => :group, :response => :status}
+  validate_action :groupinfo => {:method => :delete, :response => :status}
+
   def index
     valid_http_methods :get
 
@@ -21,12 +25,43 @@ def index
     render :text => xml, :content_type => "text/xml"
   end
 
-  def show
-    valid_http_methods :get
+  def groupinfo
+    valid_http_methods :get, :put, :delete
     required_parameters :title
 
-    @group = Group.find_by_title!( params[:title] )
-    @involved_users = @group.groups_users.all
+    if !@http_user
+      logger.debug "No user logged in, permission to groupinfo denied"
+      render_error :status => 401, :errorcode => "unknown_user"
+      return
+    end
+
+    unless request.get? or @http_user.is_admin?
+      render_error :status => 403, :errorcode => "group_modification_not_permitted", :message => "Requires admin privileges" 
+      return
+    end
+
+    if request.delete?
+      group = Group.get_by_title(URI.unescape(params[:title]))
+      group.destroy
+      render_ok
+      return
+    end
+
+    if request.put?
+
+      group = Group.find_by_title(params[:title])
+      if group.nil?
+        group = Group.create(:title => params[:title])
+      end
+      group.update_from_xml(Xmlhash.parse(request.body.read))
+      group.save!
+
+      render_ok
+      return
+    end
+
+    group = Group.get_by_title(URI.unescape(params[:title]))
+    render :text => group.render_axml, :content_type => 'text/xml'
   end
 
 end
diff --git a/src/api/app/models/group.rb b/src/api/app/models/group.rb
@@ -73,6 +73,50 @@ def get_by_title(title)
     end
   end
 
+  def update_from_xml( xmlhash )
+    self.title = xmlhash.value('title')
+
+    # update user list
+    cache = Hash.new
+    self.groups_users.each do |gu|
+      cache[gu.user.id] = gu
+    end
+    self.save!
+
+    xmlhash.elements('person') do |person|
+      if cache.has_key? person['userid']
+        #user has already a role in this package
+        cache[User.find_by_login(person['userid']).id] = :keep
+      else
+        user = User.get_by_login(person['userid'])
+        gu = GroupsUser.create( user: user, group: self)
+        gu.save!
+      end
+    end
+
+    #delete all users which were not listed
+    cache.each do |login_id, gu|
+      next if gu == :keep
+      GroupsUser.delete_all(["user_id = ? AND group_id = ?", login_id, self.id])
+    end
+  end
+
+  def render_axml()
+    builder = Nokogiri::XML::Builder.new
+
+    builder.group() do |group|
+      group.title( self.title )
+
+      self.groups_users.each do |gu|
+        group.person( :userid => gu.user.login )
+      end
+    end
+
+    return builder.doc.to_xml :indent => 2, :encoding => 'UTF-8',
+                              :save_with => Nokogiri::XML::Node::SaveOptions::NO_DECLARATION |
+                                            Nokogiri::XML::Node::SaveOptions::FORMAT
+  end
+
   def involved_projects_ids
     # just for maintainer for now.
     role = Role.rolecache["maintainer"]

diff --git a/src/api/app/models/groups_user.rb b/src/api/app/models/groups_user.rb
@@ -6,6 +6,8 @@ class GroupsUser < ActiveRecord::Base
   validates :group, :presence => true
   validate :validate_duplicates
 
+  attr_accessible :group, :user
+
   protected
   validate :validate_duplicates, :on => :create
   def validate_duplicates

diff --git a/src/api/app/views/group/show.xml.builder b/src/api/app/views/group/show.xml.builder
diff --git a/src/api/config/routes.rb b/src/api/config/routes.rb
@@ -23,7 +23,7 @@
 
     ### /group
     match 'group' => 'group#index'
-    match 'group/:title' => 'group#show', :constraints => cons
+    match 'group/:title' => 'group#groupinfo', :constraints => cons
 
     ### /service
     match 'service' => 'service#index'

diff --git a/src/api/test/functional/group_test.rb b/src/api/test/functional/group_test.rb
@@ -25,6 +25,63 @@ def test_list_groups
     assert_xml_tag :tag => 'entry', :attributes => {:name => 'test_group'}
   end
 
+  def test_get_group
+    reset_auth
+    get "/group/test_group"
+    assert_response 401
+
+    prepare_request_valid_user
+    get "/group/test_group"
+    assert_response :success
+    assert_xml_tag :parent => { :tag => 'group' }, :tag => 'title', :content => "test_group"
+    assert_xml_tag :tag => 'person', :attributes => {:userid => 'adrian'}
+
+    get "/group/does_not_exist"
+    assert_response 404
+  end
+
+  def test_create_modify_and_delete_group
+    xml = "<group><title>new_group</title></group>"
+    reset_auth
+    put "/group/new_group", xml
+    assert_response 401
+
+    prepare_request_valid_user
+    put "/group/new_group", xml
+    assert_response 403
+    delete "/group/new_group"
+    assert_response 403
+
+    prepare_request_with_user "king", "sunflower"
+    get "/group/new_group"
+    assert_response 404
+    delete "/group/new_group"
+    assert_response 404
+    put "/group/new_group", xml
+    assert_response :success
+
+    # add a user
+    xml2 = "<group><title>new_group</title> <person userid='fred' /> </group>"
+    put "/group/new_group", xml2
+    assert_response :success
+    get "/group/new_group"
+    assert_response :success
+    assert_xml_tag :tag => 'person', :attributes => {:userid => 'fred'}
+
+    # remove user
+    put "/group/new_group", xml
+    assert_response :success
+    get "/group/new_group"
+    assert_response :success
+    assert_no_xml_tag :tag => 'person', :attributes => {:userid => 'fred'}
+
+    # remove group
+    delete "/group/new_group"
+    assert_response :success
+    get "/group/new_group"
+    assert_response 404
+  end
+
   def test_list_users_of_group
     reset_auth
     get "/group/not_existing_group"

diff --git a/src/api/test/functional/maintenance_test.rb b/src/api/test/functional/maintenance_test.rb
@@ -1624,7 +1624,6 @@ def test_copy_project_for_release
 
   def test_copy_project_with_history_and_binaries
     prepare_request_with_user "tom", "thunder"
-    assert_xml_tag :tag => "status", :attributes => { :code => "project_copy_no_permission" }
     post "/source/home:tom:CopyOfBaseDistro?cmd=copy&oproject=BaseDistro&withbinaries=1"
     assert_response 403
     assert_xml_tag :tag => "status", :attributes => { :code => "project_copy_no_permission" }